Title
Validating the enforcement of access control policies and separation of duty principle in requirement engineering
Abstract
Validating the compliance of software requirements with the access control policies during the early development life cycle improves the security of the software. It prevents authorizing unauthorized subjects during the specification and analysis of requirements, before proceeding to other phases where the cost of fixing defects is augmented. This paper provides a logical-based framework that analyzes the authorization requirements specified in the Unified Modeling Language (UML). It ensures that the access requirements are consistent, complete and conflict-free. The framework proposed in this paper is an extension to the AuthUML framework. We refine AuthUML and extend it by expanding its analysis to validate the enforcement of Separation of Duty (SoD) during requirement engineering. We enhance and extend AuthUML with the necessary phase, predicates and rules. The paper shows the various types of SoD and how each type can be validated. The extension shows the flexibility and scalability of AuthUML to validate new policies. Also, the extension makes AuthUML span different phases of the software development process, which widens the application of AuthUML.
Year: 2007
DOI: 10.1016/j.infsof.2006.03.009
Venue: Information & Software Technology
Keywords: access requirement, unified modeling language, requirement engineering, access control policy, semi-formal methods, authuml framework, software development process, access control policies, separation of duty, security engineering, software requirement, authuml span, early development life cycle, logical-based framework, use cases, authorization requirement, duty principle, software requirements, use case, formal method, life cycle
Field: Functional requirement, Systems engineering, Software engineering, Computer science, Security engineering, Requirements engineering, Requirements analysis, Software development process, Requirement, Software requirements specification, Software requirements
DocType: Journal
Volume
Issue
ISSN
49
2
Information and Software Technology
Citations: 11
PageRank: 0.52
References: 13
Authors
1
Name
Order
Citations
PageRank
Khaled Alghathbar149832.54